RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v28]
Kevin Driver
kdriver at openjdk.org
Wed Sep 11 23:12:26 UTC 2024
On Wed, 11 Sep 2024 20:58:01 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>>
>> batch of review comments
>
> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java line 341:
>
>> 339: // Calculate the number of rounds of HMAC that are needed to
>> 340: // meet the requested data. Then set up the buffers we will need.
>> 341: if (CipherCore.getKeyBytes(pseudoRandomKey).length < hmacLen) {
>
> Why call a method when you already had `prk` the bytes? Also, moving this check before the `SecretKeySpec` creation also prevents you from accepting an empty key.
@wangweij, @valeriepeng: Resolved in https://github.com/openjdk/jdk/pull/20301/commits/856faa8c6fe18ca9ab1210536c0060a5603625ab.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1755796386
More information about the security-dev
mailing list